@Jeff - I agree, EHRs are definitely here to stay. Is there any business that, having digitized, went back to paper? But I don't believe healthcare organizations are doing enough to promote security. They must do more. Sadly, I don't think that will happen until there's a huge Target-like breach. Then heads will roll and, "suddenly," resources for more healthcare security will become available at more organizations. That's not to say some healthcare orgs don't get it. Some do; some are doing a great job of securing their data, networks, devices, etc. But many, sadly, are not from what security experts in healthcare tell me.

I think the answer is secure EHRs, to be honest because I don't see healthcare going back to paper. The reasons I hear for witholding information from healthcare providers is 'big government' and 'intrusiveness' more than EHRs, necessarily. They are concerned their healthcare information is up for grabs by so many, that once "private" information is entered into a hospital system it becomes fodder for government, research, and educational institutions. They're also concerned about the weakening of doctor-patient confidentiality.

Breaches in EHRs can definitely be life-threatening. If the hacker is not malicious and steals your data expressly to sell it (for the $50 we see bandied around), then someone else could use your medical ID for treatment, surgery, medications, etc. When you, the real patient, need surgery or other healthcare services, you could discover you cannot get treated because "you" owe the hospital thousands of dollars (in unpaid deductibles); you "have a drug problem" (courtesy of a doctor-shopping alter-ego), or "your record" shows you can't be pregnant because your insurance paid for a hysterectomy last year. Or it may show you have no allergies -- when, in fact, you are very allergic to a regularly prescribed antibiotic, for example, leading to health complications or even death.

It's one reason we cannot let healthcare organizations slide on the amount and resources they spend on security. When we see studies like this -- Healthcare IT Security Worse Than Retail -- we must demand better.

Regardless what EHR stakeholders want - regardless what providers want. When patients lose their trust in EHRs - which is happening rapidly - the game ia over. They will simply keep secrets from healthcare providers, which will increase the danger of EHRs even more.

You say that there are no reasonable alternatives to EHRs, yet some providers are already rejecting digital. As costs and danger continue to accelerate, what is to keep more from following? Patriotism?

vnewman - Electronic Medical Records are here to stay. Sure there is potential risk but there is a strong set of security wrapped around them. The benefits far outweigh the down side and paper records are to arcane to consider staying with, even if some believe that they are not safe.

According to Ponemon, here's the difference between paper breaches and digital: Only 5% of identities are breached from paper records, and most of these are because of improper disposal. On the other hand, hackers specifically target identities.

As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.